

**Amendments to the Claims:**

This listing of claims will replace all prior versions, and listings, of claims in the application:

**Listing of Claims:**

Please cancel claims 1-18.

Please add the following new claims, claims 37-76.

37. (Currently Amended) An apparatus comprising:

a configuration storage to store configuration settings to configure an access transaction generated by a processor having a first execution mode and a second execution mode, the configuration storage to store an execution mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the first execution mode, the configuration settings including subsystem memory range settings, a memory base value, and a memory length value, a combination of at least the base and length values to the configuration settings to define a protected memory area in a memory external to the processor that is accessible to the processor in the first execution mode, and the configuration settings to define an un-protected memory area that is accessible to the processor in the second execution mode, wherein the processor in the second execution mode cannot access the protected memory area, the access transaction including access information including a physical address;

a protected memory zone in the protected memory area defined by a subsystem memory range setting;

an un-protected memory zone in the un-protected memory area; and

a memory zone access checking circuit coupled to the configuration storage to check the access transaction using at least one of the configuration settings and the access information to determine if the access transaction is valid and generating an access grant signal if the transaction is valid.

38. (Previously Presented) The apparatus of claim 37 wherein the protected memory zone in the protected memory area includes at least one protected memory page.

39. (Previously Presented) The apparatus of claim 38 wherein the at least one protected memory page includes an applet page.

40. (Previously Presented) The apparatus of claim 38 wherein the at least one protected memory page includes an OS nub page.

41. (Previously Presented) The apparatus of claim 38 wherein the at least one protected memory page includes a processor nub page.

42. (Canceled)

43. (Currently Amended) The apparatus of claim [[42]] 37 further comprising an identifier that identifies a currently active protected memory zone and that the processor is operating in the first execution mode.

44. (Previously Presented) The apparatus of claim 43 wherein determining if the access transaction is valid further comprises determining if the physical address is within the currently active protected memory zone and if the identifier is asserted.

45. (Previously Presented) The apparatus of claim 43 wherein the multi-memory zone access checking circuit comprises a memory zone detector to detect if the physical address is within the currently active protected memory zone such that the memory zone detector generates a memory zone matching signal.

46. (Previously Presented) The apparatus of claim 45 wherein the multi-memory zone access checking circuit further comprises an access grant generator coupled to the memory zone detector, the access grant generator generating an access grant signal if both the memory zone matching signal and identifier are asserted.

47. (Currently Amended) A method comprising:

configuring an access transaction generated by a processor having a first execution mode and a second execution mode;

generating configuration settings that are stored in a configuration storage including an execution mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the

first execution mode, the configuration settings further including subsystem memory range settings, a memory base value, and a memory length value, a combination of at least the base and length values to define a protected memory area in a memory external to the processor that is accessible to the processor in the first execution mode, and the configuration settings to define an un-protected memory area that is accessible to the processor in the second execution mode, wherein the processor in the second execution mode cannot access the protected memory area, the access transaction including access information including a physical address;

defining a protected memory zone in the protected memory area defined by a subsystem memory range setting;

defining an un-protected memory zone in the un-protected memory area; and

checking the access transaction using at least one of the configuration settings and the access information to determine if the access transaction is valid.

48. (Previously Presented) The method of claim 47 wherein the protected memory zone in the protected memory area includes at least one protected memory page.

49. (Previously Presented) The method of claim 48 wherein the at least one protected memory page includes an applet page.

50. (Previously Presented) The method of claim 48 wherein the at least one protected memory page includes an OS nub page.

51. (Previously Presented) The method of claim 48 wherein the at least one protected memory page includes a processor nub page.

52. (Canceled)

53. (Currently Amended) The method of claim [[52]] 47 wherein an identifier is used to identify a currently active protected memory zone and that the processor is operating in the first execution mode.

54. (Previously Presented) The method of claim 53 wherein determining if the access transaction is valid further comprises determining if the physical address is within the currently active protected memory zone and if the identifier is asserted.

55. (Previously Presented) The method of claim 53 further comprising detecting if the physical address is within the currently active protected memory zone such that a memory zone matching signal is generated.

56. (Previously Presented) The method of claim 55 further comprising generating an access grant signal if both the memory zone matching signal and identifier are asserted.

57. (Currently Amended) A machine-readable medium having stored thereon instructions, which when executed by a machine, cause the machine to perform the following operations comprising:

configuring an access transaction generated by a processor having a first execution mode and a second execution mode;

generating configuration settings that are stored in a configuration storage including an execution mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the first execution mode, the configuration settings further including subsystem memory range settings, a memory base value, and a memory length value, a combination of at least the base and length values to define a protected memory area in a memory external to the processor that is accessible to the processor in the first execution mode, and the configuration settings to define an un-protected memory area that is accessible to the processor in the second execution mode, wherein the processor in the second execution mode cannot access the protected memory area, the access transaction including access information including a physical address;

defining a protected memory zone in the protected memory area defined by a subsystem memory range setting;

defining an un-protected memory zone in the un-protected memory area; and

checking the access transaction using at least one of the configuration settings and the access information to determine if the access transaction is valid.

58. (Previously Presented) The machine-readable medium of claim 57 wherein the protected memory zone in the protected memory area includes at least one protected memory page.

59. (Previously Presented) The machine-readable medium of claim 58 wherein the at least one protected memory page includes an applet page.

60. (Previously Presented) The machine-readable medium of claim 58 wherein the at least one protected memory page includes an OS nub page.

61. (Previously Presented) The machine-readable medium of claim 58 wherein the at least one protected memory page includes a processor nub page.

62. (Canceled)

63. (Currently Amended) The machine-readable medium of claim [[62]] 57 wherein an identifier is used to identify a currently active protected memory zone and that the processor is operating in the first execution mode.

64. (Previously Presented) The machine-readable medium of claim 63 wherein determining if the access transaction is valid further comprises determining if the physical address is within the currently active protected memory zone and if the identifier is asserted.

65. (Previously Presented) The machine-readable medium of claim 63 further comprising detecting if the physical address is within the currently active protected memory zone such that a memory zone matching signal is generated.

66. (Previously Presented) The machine-readable medium of claim 65 further comprising generating an access grant signal if both the memory zone matching signal and identifier are asserted.

67. (Currently Amended) A system comprising:  
a chipset;

a memory coupled to the chipset;

a processor coupled to the chipset and the memory having an access manager, the processor having a first execution mode and a second execution mode, the processor generating an access transaction having access information, the access manager comprising:

a configuration storage to store configuration settings to configure an access transaction generated by a processor having a first execution mode and a second execution mode, the configuration storage to store an execution mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the first execution mode, the configuration settings including subsystem memory range settings, a memory base value, and a memory length value, a combination of at least the base and length values to define a protected memory area in a memory external to the processor that is accessible to the processor in the first execution mode, and the configuration settings to define an un-protected memory area that is accessible to the processor in the second execution mode, wherein the processor in the second execution mode cannot access the protected memory area, the access transaction including access information including a physical address;

a protected memory zone in the protected memory area defined by a subsystem memory range setting;

an un-protected memory zone in the un-protected memory area; and

a memory zone access checking circuit coupled to the configuration storage to check the access transaction using at least one of the configuration settings and the access information to determine if the access transaction is valid and generating an access grant signal if the transaction is valid.

68. (Previously Presented) The system of claim 67 wherein the protected memory zone in the protected memory area includes at least one protected memory page.

69. (Previously Presented) The system of claim 68 wherein the at least one protected memory page includes an applet page.

70. (Previously Presented) The system of claim 68 wherein the at least one protected memory page includes an OS nub page.

71. (Previously Presented) The system of claim 68 wherein the at least one protected memory page includes a processor nub page.

72. (Canceled)

73. (Currently Amended) The system of claim [[72]] 67 further comprising an identifier that identifies a currently active protected memory zone and that the processor is operating in the first execution mode.

74. (Previously Presented) The system of claim 73 wherein determining if the access transaction is valid further comprises determining if the physical address is within the currently active protected memory zone and if the identifier is asserted.

75. (Previously Presented) The system of claim 73 wherein the multi-memory zone access checking circuit comprises a memory zone detector to detect if the physical address is within the currently active protected memory zone such that the memory zone detector generates a memory zone matching signal.

76. (Previously Presented) The system of claim 75 wherein the multi-memory zone access checking circuit further comprises an access grant generator coupled to the memory zone detector, the access grant generator generating an access grant signal if both the memory zone matching signal and identifier are asserted.